Creating a Signature Key
Function
To ensure API security, tenants are advised to provide a protection mechanism for API access. That is, for APIs exposed by tenants, the request sources must be authenticated. Requests that do not meet the authentication requirements will be rejected. The signature key is one of the API security protection mechanisms. A tenant creates a signature key and binds it to an API. When requesting the API, APIC uses the bound signature key to encrypt the request parameters and generate a signature. When a tenant's backend service receives a request, it verifies the signature. If the signature verification fails, the request is not sent by APIC. In this case, the tenant can reject the request to ensure API security and prevent the API from being attacked by requests from unknown sources.
URI
POST /v2/{project_id}/apic/instances/{instance_id}/signs
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
project_id |
Yes |
String |
Project ID. For details about how to obtain the project ID, see Appendix > Obtaining a Project ID in the ROMA Connect API Reference. |
instance_id |
Yes |
String |
Instance ID. |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
X-Auth-Token |
Yes |
String |
User token, which can be obtained by calling the IAM API (value of X-Subject-Token in the response header). |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
name |
Yes |
String |
Signature key name. The value can contain only letters, digits, and underscores(_) and must start with a letter. |
sign_type |
No |
String |
Signature key type:
To use a Basic or AES signature key, ensure that your instance version supports it. If your instance does not support this type of signature key, contact technical support to upgrade your instance. To use a public_key signature key, ensure that the public_key feature has been configured for your instance. For details, see "Appendix" > "Supported Features". If your instance does not support this feature, contact technical support to enable it. |
sign_key |
No |
String |
Signature key.
|
sign_secret |
No |
String |
Signature secret.
|
sign_algorithm |
No |
String |
Signature algorithm. The default value is empty. Only AES signature keys support the signature algorithm. Other signature keys do not support the signature algorithm. |
Response Parameters
Status code: 201
Parameter |
Type |
Description |
---|---|---|
name |
String |
Signature key name. The value can contain only letters, digits, and underscores(_) and must start with a letter. |
sign_type |
String |
Signature key type:
To use a Basic or AES signature key, ensure that your instance version supports it. If your instance does not support this type of signature key, contact technical support to upgrade your instance. To use a public_key signature key, ensure that the public_key feature has been configured for your instance. For details, see "Appendix" > "Supported Features". If your instance does not support this feature, contact technical support to enable it. |
sign_key |
String |
Signature key.
|
sign_secret |
String |
Signature secret.
|
sign_algorithm |
String |
Signature algorithm. The default value is empty. Only AES signature keys support the signature algorithm. Other signature keys do not support the signature algorithm. |
update_time |
String |
Update time. |
create_time |
String |
Creation time. |
id |
String |
Signature key ID. |
Status code: 400
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code. |
error_msg |
String |
Error description. |
Status code: 401
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code. |
error_msg |
String |
Error description. |
Status code: 403
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code. |
error_msg |
String |
Error description. |
Status code: 404
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code. |
error_msg |
String |
Error description. |
Status code: 412
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code. |
error_msg |
String |
Error description. |
Status code: 500
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code. |
error_msg |
String |
Error description. |
Example Requests
Create a signature key of the default type.
{ "name" : "signature_demo", "sign_key" : "signkeysignkey", "sign_secret" : "sig**********ret" }
Example Responses
Status code: 201
Created
{ "sign_secret" : "sig**********ret", "update_time" : "2020-08-03T03:39:38.119032888Z", "create_time" : "2020-08-03T03:39:38.119032659Z", "name" : "signature_demo", "id" : "0b0e8f456b8742218af75f945307173c", "sign_key" : "signkeysignkey", "sign_type" : "hmac" }
Status code: 400
Bad Request
{ "error_code" : "APIG.2011", "error_msg" : "Invalid parameter value,parameterName:name. Please refer to the support documentation" }
Status code: 401
Unauthorized
{ "error_code" : "APIG.1002", "error_msg" : "Incorrect token or token resolution failed" }
Status code: 403
Forbidden
{ "error_code" : "APIG.1005", "error_msg" : "No permissions to request this method" }
Status code: 404
Not Found
{ "error_code" : "APIG.3030", "error_msg" : "The instance does not exist;id:f0fa1789-3b76-433b-a787-9892951c620ec" }
Status code: 412
PreconditionFailed
{ "error_code" : "APIG.3548", "error_msg" : "sign_type=public_key not supported by instance 6a29d4e9-69a0-412a-aabe-9898ec0903b0" }
Status code: 500
Internal Server Error
{ "error_code" : "APIG.9999", "error_msg" : "System error" }
Status Codes
Status Code |
Description |
---|---|
201 |
Created |
400 |
Bad Request |
401 |
Unauthorized |
403 |
Forbidden |
404 |
Not Found |
412 |
PreconditionFailed |
500 |
Internal Server Error |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot